Achieving resilience against modern cyberthreats
By: Reto Haeni, Chief Security Officer and Advisor for Western Europe, Microsoft
14 May 2014

Send EMail

As our use of mobile computing and social media technologies grows, so does our exposure to risk. On the one hand, the widespread adoption of new mobile, social media, cloud services and big data technologies creates unprecedented opportunities for productivity and flexibility. Yet without the right defenses in place, they can also open us to new kinds of vulnerabilities, as attacks that target devices operating outside the enterprise perimeter are quickly growing in volume and sophistication.

Passive protection is no longer sufficient for ensuring the security of information and IT infrastructures. A new Microsoft white paper, Achieving resilience against modern cyberthreats, explores the ways that governments and enterprises can protect their valuable information by creating a holistic security strategy, built on risk management, to achieve resilience against in an era of constant targeted attacks and determined adversaries.

The paper explores Microsoft’s holistic “Protect, Detect and Respond” approach to security strategy, including key principles for organizations, the importance of trustworthy cloud services, and the steps to take for securing an IT infrastructure in today’s threat landscape. This proactive strategy requires that an organization understand its assets and its exposure, and apply appropriate protection throughout the entire IT ecosystem in a continuous process. It also recognizes that enterprises must manage their inevitable risk – absolute security is not possible, so organizations must go beyond just protecting resources and also establish processes for detecting, responding and recovering from incidents when they occur.

In order increase an enterprise’s resilience against threats and “boost the IT immune system,” organizations need a security strategy that includes a resilient infrastructure based in trustworthy cloud services as well as good IT hygiene and policy-based access to information. This includes taking steps such as:

  • Upgrading operating systems and managing patches

  • Aligning the Active Directory to the threat environment

  • Assessing threats and countermeasuresImplementing secure software development

No one understands the complexity of this challenge better than Microsoft. Our world-class Trustworthy Computing (TwC) Initiative has been developing secure and reliable computing solutions for more than a decade, laying the foundation for advanced solutions and services to help customers protect themselves against the attacks of determined adversaries and quickly recover key IT systems in the aftermath of a breach. Through a combination of trustworthy cloud services, more secure operating systems and software and security-enhanced devices, public sector agencies and commercial customers can utilize the world’s most advanced cyber capabilities to monitor and protect their enterprises. In addition, Microsoft experts are available to offer a complete bundle of services tailored to the needs of each organization.

Read the white paper to learn more about how public and private sector organizations can protect their critical information in today’s rapidly evolving risk landscape, and for additional guidance, tools, and tips from our experts, visit http://www.microsoft.com/security.

Originally posted in Microsoft on Safety & National Security